Hello Nazario, Could you try it by creating a new topic?
Thank you, Anirudh That works. At least it is saying that it is registering now with the SSL side. [2016-02-01 12:29:40,184] INFO Registered broker 0 at path /brokers/ids/0 with addresses: PLAINTEXT -> EndPoint(servername,9092,PLAINTEXT),SSL -> EndPoint(servername,9093,SSL) (kafka.utils.ZkUtils) Thank you. Now to the next problem. :-) Still related to SSL. The producer is not giving any more LEADER_NOT_AVAILABLE errors. but is now having this problem instead. [2016-02-01 12:41:59,273] ERROR Error when sending message to topic test with key: null, value: 5 bytes with error: Failed to update metadata after 60000 ms. (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback) [2016-02-01 12:42:59,274] ERROR Error when sending message to topic test with key: null, value: 7 bytes with error: Failed to update metadata after 60000 ms. (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback) [2016-02-01 12:43:59,275] ERROR Error when sending message to topic test with key: null, value: 0 bytes with error: Failed to update metadata after 60000 ms. (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback) Consumer is connecting too but not receiving any data > On Feb 1, 2016, at 12:15 PM, Ismael Juma <ism...@juma.me.uk> wrote: > > Please use advertised.listeners instead of advertised.host.name. See this > comment: > > https://github.com/apache/kafka/pull/793#issuecomment-174287124 > > Ismael > > On Mon, Feb 1, 2016 at 4:44 PM, Nazario Parsacala <dodongj...@gmail.com> > wrote: > >> Hi, >> >> We were using kafka for a while now. We have been using the binary release >> 2.10-0.8.2.1 . But we have been needing a encrypted communication between >> our publishers and subscribers. So we got 2.10-0.9.0.0. This works very >> well with no SSL enabled. But currently have issues with SSL enabled. >> >> So configured SSL according to >> http://kafka.apache.org/documentation.html#security . And only place the >> following changes in the server.properties to enable SSL >> >> listeners=PLAINTEXT://servername:9092, SSL://servername:9093 >> >> # The port the socket server listens on >> #port=9092 >> >> # Hostname the broker will bind to. If not set, the server will bind to >> all interfaces >> host.name=servername >> >> >> >> >> >> # SSL Stuff >> # >> ssl.client.auth=required >> ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1 >> ssl.keystore.location=/pathto/certs/server.keystore.jks >> ssl.keystore.password=123456 >> ssl.key.password=123456 >> ssl.truststore.location=/pathto/certs/server.truststore.jks >> ssl.truststore.password=123456 >> >> >> At start up I see the following in the logs: >> >> >> advertised.host.name = servername >> metric.reporters = [] >> quota.producer.default = 9223372036854775807 >> offsets.topic.num.partitions = 50 >> log.flush.interval.messages = 9223372036854775807 >> auto.create.topics.enable = true >> controller.socket.timeout.ms = 30000 >> log.flush.interval.ms = null >> principal.builder.class = class >> org.apache.kafka.common.security.auth.DefaultPrincipalBuilder >> replica.socket.receive.buffer.bytes = 65536 >> min.insync.replicas = 1 >> replica.fetch.wait.max.ms = 500 >> num.recovery.threads.per.data.dir = 1 >> ssl.keystore.type = JKS >> default.replication.factor = 1 >> ssl.truststore.password = [hidden] >> log.preallocate = false >> sasl.kerberos.principal.to.local.rules = [DEFAULT] >> fetch.purgatory.purge.interval.requests = 1000 >> ssl.endpoint.identification.algorithm = null >> replica.socket.timeout.ms = 30000 >> message.max.bytes = 1000012 >> num.io.threads = 8 >> offsets.commit.required.acks = -1 >> log.flush.offset.checkpoint.interval.ms = 60000 >> delete.topic.enable = false >> quota.window.size.seconds = 1 >> ssl.truststore.type = JKS >> offsets.commit.timeout.ms = 5000 >> quota.window.num = 11 >> zookeeper.connect = servername:2181 >> authorizer.class.name = >> num.replica.fetchers = 1 >> log.retention.ms = null >> log.roll.jitter.hours = 0 >> log.cleaner.enable = false >> offsets.load.buffer.size = 5242880 >> log.cleaner.delete.retention.ms = 86400000 >> ssl.client.auth = required >> controlled.shutdown.max.retries = 3 >> queued.max.requests = 500 >> offsets.topic.replication.factor = 3 >> log.cleaner.threads = 1 >> sasl.kerberos.service.name = null >> sasl.kerberos.ticket.renew.jitter = 0.05 >> socket.request.max.bytes = 104857600 >> ssl.trustmanager.algorithm = PKIX >> zookeeper.session.timeout.ms = 6000 >> log.retention.bytes = -1 >> sasl.kerberos.min.time.before.relogin = 60000 >> zookeeper.set.acl = false >> connections.max.idle.ms = 600000 >> offsets.retention.minutes = 1440 >> replica.fetch.backoff.ms = 1000 >> inter.broker.protocol.version = 0.9.0.X >> log.retention.hours = 168 >> num.partitions = 4 >> listeners = PLAINTEXT://servername:9092, SSL://servername:9093 >> ssl.provider = null >> ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1] >> log.roll.ms = null >> log.flush.scheduler.interval.ms = 9223372036854775807 >> ssl.cipher.suites = null >> log.index.size.max.bytes = 10485760 >> ssl.keymanager.algorithm = SunX509 >> security.inter.broker.protocol = PLAINTEXT >> replica.fetch.max.bytes = 1048576 >> advertised.port = null >> log.cleaner.dedupe.buffer.size = 524288000 >> replica.high.watermark.checkpoint.interval.ms = 5000 >> log.cleaner.io.buffer.size = 524288 >> sasl.kerberos.ticket.renew.window.factor = 0.8 >> zookeeper.connection.timeout.ms = 6000 >> controlled.shutdown.retry.backoff.ms = 5000 >> log.roll.hours = 168 >> log.cleanup.policy = delete >> host.name = servername >> log.roll.jitter.ms = null >> max.connections.per.ip = 2147483647 >> offsets.topic.segment.bytes = 104857600 >> background.threads = 10 >> quota.consumer.default = 9223372036854775807 >> request.timeout.ms = 30000 >> log.index.interval.bytes = 4096 >> log.dir = /tmp/kafka-logs >> log.segment.bytes = 1073741824 >> log.cleaner.backoff.ms = 15000 >> offset.metadata.max.bytes = 4096 >> ssl.truststore.location = /pathto/certs/server.truststore.jks >> group.max.session.timeout.ms = 30000 >> ssl.keystore.password = [hidden] >> zookeeper.sync.time.ms = 2000 >> port = 9092 >> log.retention.minutes = null >> log.segment.delete.delay.ms = 60000 >> log.dirs = /pathto/logs/kafka >> controlled.shutdown.enable = true >> compression.type = producer >> max.connections.per.ip.overrides = >> sasl.kerberos.kinit.cmd = /usr/bin/kinit >> log.cleaner.io.max.bytes.per.second = 1.7976931348623157E308 >> auto.leader.rebalance.enable = true >> leader.imbalance.check.interval.seconds = 300 >> log.cleaner.min.cleanable.ratio = 0.5 >> replica.lag.time.max.ms = 10000 >> num.network.threads = 3 >> ssl.key.password = [hidden] >> reserved.broker.max.id = 1000 >> metrics.num.samples = 2 >> socket.send.buffer.bytes = 102400 >> ssl.protocol = TLS >> socket.receive.buffer.bytes = 102400 >> ssl.keystore.location = /pathto/certs/server.keystore.jks >> replica.fetch.min.bytes = 1 >> unclean.leader.election.enable = true >> group.min.session.timeout.ms = 6000 >> log.cleaner.io.buffer.load.factor = 0.9 >> offsets.retention.check.interval.ms = 600000 >> producer.purgatory.purge.interval.requests = 1000 >> >> >> >> So as you can see the listeners are supposedly setup as >> >> listeners = PLAINTEXT://servername:9092, SSL://servername:9093 >> >> in the logs which reflected what was setup in the server.properties. >> >> However further down the logs, it is only PLAINTEXT that is being >> registered .. >> >> [2016-02-01 11:27:49,712] INFO Registered broker 0 at path /brokers/ids/0 >> with addresses: PLAINTEXT -> EndPoint(servername,9092,PLAINTEXT) >> (kafka.utils.ZkUtils) >> >> >> not the port 9093 nor the SSL. >> >> I have done multiple permutations of this config including clearing the >> entire kafka and zookeeper data. Still no luck. I even forced the the SSL >> on port 9092 with the same issue. The resulting effect on this is that the >> producer and consumer is giving me errors like : >> >> lients.NetworkClient) >> [2016-02-01 10:58:41,001] WARN Error while fetching metadata with >> correlation id 57 : {test=LEADER_NOT_AVAILABLE} >> (org.apache.kafka.clients.NetworkClient) >> [2016-02-01 10:58:41,103] WARN Error while fetching metadata with >> correlation id 58 : {test=LEADER_NOT_AVAILABLE} >> (org.apache.kafka.clients.NetworkClient) >> [2016-02-01 10:58:41,205] WARN Error while fetching metadata with >> correlation id 59 : {test=LEADER_NOT_AVAILABLE} >> (org.apache.kafka.clients.NetworkClient) >> >> >> Any help is appreciated. >> >>
